chore(security): Add daily security audit

2026-01-18 16:37:22 +01:00 · 2025-12-08 10:25:35 +00:00
parent 8e4f823002
commit da882e70c7
2 changed files with 61 additions and 0 deletions
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -0,0 +1,14 @@
 {
    "name": "Node.js 24 & pnpm",
    "image": "mcr.microsoft.com/devcontainers/base:ubuntu",
    "features": {
        "ghcr.io/devcontainers/features/node:1": {
            "nodeGypDependencies": true,
            "installYarnUsingApt": true,
            "version": "lts",
            "pnpmVersion": "latest",
            "nvmVersion": "latest"
        },
        "ghcr.io/devcontainers/features/git-lfs:1": {}
    }
 }
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -0,0 +1,47 @@
 name: Security Audit
 on:
  push:
    branches: [main, dev]
  pull_request:
    branches:
      - '**'
  schedule:
    - cron: '0 8 * * *' 
  workflow_dispatch: 
 jobs:
  audit:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      issues: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup pnpm
        uses: pnpm/action-setup@v4
        with:
          version: latest
      - name: Install dependencies
        run: pnpm install
      - name: Run security audit
        id: audit
        run: pnpm audit --audit-level moderate
        continue-on-error: true
      - name: Create issue on failure
        if: steps.audit.outcome == 'failure'
        uses: actions/github-script@v7
        with:
          script: |
            github.rest.issues.create({
              owner: context.repo.owner,
              repo: context.repo.repo,
              title: 'Security Audit Failed',
              body: 'The daily security audit has failed. Please check the workflow run for details: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}',
              labels: ['security', 'audit']
            });